Complete the code to identify the STRIDE category for spoofing attacks.
threat_category = "[1]" # STRIDE category for pretending to be someone else
Spoofing means pretending to be someone else to gain unauthorized access. It is one of the STRIDE threat categories.
Complete the code to calculate the DREAD risk score by summing the components.
risk_score = damage_potential + reproducibility + exploitability + affected_users + discoverability average_risk = risk_score / [1] # Number of DREAD factors
DREAD has 5 factors: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. The average risk divides the total by 5.
Fix the error in the STRIDE threat identification code.
if threat == "[1]": print("This threat involves unauthorized data changes.")
Tampering refers to unauthorized modification of data or code. The code checks for tampering to print the correct message.
Fill both blanks to complete the DREAD risk calculation for a threat with given scores.
total_score = [1] + [2] + exploitability + affected_users + discoverability average_score = total_score / 5
The DREAD risk score sums damage potential and reproducibility along with other factors. Spoofing and tampering are STRIDE categories, not DREAD factors.
Fill all three blanks to create a dictionary mapping STRIDE categories to their descriptions.
stride_dict = {
"S": "[1]",
"T": "[2]",
"R": "[3]"
}STRIDE categories S, T, and R stand for Spoofing, Tampering, and Repudiation respectively, with their common descriptions.